This document is based on SonarQube v6.4 and has been archived.
Please refer to the latest documentation.


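In the SonarQube platform, plugins provide coding rules that analyze source code and generate issues. These issues are used as the basis for calculating remediation cost and technical debt. SonarQube provides three kinds of coding rules:

  • Reliability
  • Maintainability
  • Security

Of these, the reliability and maintainability coding rules are expected to produce zero false positives, while the security coding rules may produce some false positives. On the Rules page you can browse all available coding rules and create new coding rules based on the templates provided.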

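Finding Coding Rules

Clicking the "Rules" menu takes you to the coding rules page. By default it displays the available coding rules, and you can filter them using the search criteria on the left side of the screen:

  • Language: the programming language to which the rule applies
  • Type: Bug, Vulnerability or Code Smell coding rules
  • Tag: tags can be added to coding rules to make them easier to search for
  • Repository: the analysis engine that provides the coding rules to SonarQube
  • Default Severity: the default severity of the coding rule, as defined by the plugin that provides the rule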
  • Status: rules can have 3 different statuses:
    • Beta: The rule has been recently implemented and we haven't gotten enough feedback from users yet, so there may be false positives or false negatives.
    • Deprecated: The rule should no longer be used because a similar, but more powerful and accurate rule exists.
    • Ready: The rule is ready to be used in production.
  • Available Since: date when a rule was first added on the SonarQube instance. This is useful to list all the new rules since the last upgrade of a plugin, for instance.
  • Template: display rule templates that allow you to create custom rules (see later on this page).
  • Quality Profile: inclusion in or exclusion from a specific profile

If a quality profile is selected, it is also possible to check for its active severity and whether it is inherited or not. See the Quality Profile documentation for more.

Rule Details

To see the details of a rule, either click on it, or use the right arrow key. Along with basic rule data, you'll also be able to see which, if any, profiles it's active in and how many open issues have been raised with it.

The following 2 actions are available only if you have the right permissions ("Administer Quality Profiles and Gates"):

  • Add/Remove Tags:
    • It is possible to add existing tags on a rule, or to create new ones (just enter a new name while typing in the text field).
    • Note that some rules have built-in tags that you cannot remove - they are provided by the plugins which contribute the rules.
  • Extend Description
    • Extending rule descriptions is useful to let users know how your organization is using a particular rule, for instance, or to give more insight on a rule.
    • Note that the extension will be available to non-admin users as a normal part of the rule details.

Rule Templates and Custom Rules

Rule Templates are provided by plugins to allow users to define their own rules in SonarQube. For instance, the template "Architectural Constraint" can be used to create any kind of rule that checks forbidden access from one set of files to another set of files.

Rule templates are like cookie cutters from which you can stamp out new, "custom rules". To find templates, use the template facet.

To create a custom rule from a template, you will have to fill in the following information:

  • Name
  • Key (auto-suggested)
  • Description (Markdown format is supported)
  • Default Severity
  • Status
  • The parameters specified by the template

 

It's easy to navigate from a template to the custom rules defined from it: just click on the link in the "Custom Rules" section and you will end up on the details of the given rule.

Custom Rules

Custom Rules are treated like any other rule, except that they can be fully edited or even deleted.

Note that when deleting a custom rule, it is not physically removed from the SonarQube instance but rather its status is set to "REMOVED". This allows current or old issues related to this rule to be displayed properly in SonarQube until they are fully removed.

Extending Coding Rules

Custom coding rules can be added. See Adding Coding Rules for detailed information and tutorials.
